[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Thu Jun 23 17:19:02 MDT 2011
The branch, master has been updated
via 5d7d52c Fix bug #8254 - "acl check permissions = no" does not work in all cases
from a73abc0 build: Add a script to install python and Samba with one command
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5d7d52ceea6ac046940ae0a8112ee7ba79ce886d
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 23 15:06:16 2011 -0700
Fix bug #8254 - "acl check permissions = no" does not work in all cases
Move lp_acl_check_permissions() into can_delete_file_in_directory()
where it makes sense. Remove ACL check when requesting DELETE_ACCESS
when lp_acl_check_permissions is false.
Thanks to John Janosik @ IBM for noticing this.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Fri Jun 24 01:18:11 CEST 2011 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/file_access.c | 5 +++++
source3/smbd/open.c | 13 +++++++++++--
2 files changed, 16 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 960dcb7..7485564 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -92,6 +92,11 @@ bool can_delete_file_in_directory(connection_struct *conn,
return False;
}
+ if (!lp_acl_check_permissions(SNUM(conn))) {
+ /* This option means don't check. */
+ return true;
+ }
+
/* Get the parent directory permission mask and owners. */
if (!parent_dirname(ctx, smb_fname->base_name, &dname, NULL)) {
return False;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index ee7b2ad..86a5924 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -77,6 +77,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
NTSTATUS status;
struct security_descriptor *sd = NULL;
+ if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
+ *access_granted = access_mask;
+
+ DEBUG(10,("smbd_check_open_rights: not checking ACL "
+ "on DELETE_ACCESS on file %s. Granting 0x%x\n",
+ smb_fname_str_dbg(smb_fname),
+ (unsigned int)*access_granted ));
+ return NT_STATUS_OK;
+ }
+
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
SECINFO_GROUP |
@@ -3278,8 +3288,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
/* Setting FILE_SHARE_DELETE is the hint. */
- if (lp_acl_check_permissions(SNUM(conn))
- && (create_disposition != FILE_CREATE)
+ if ((create_disposition != FILE_CREATE)
&& (access_mask & DELETE_ACCESS)
&& (!(can_delete_file_in_directory(conn, smb_fname) ||
can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list